'\" t
.\"     Title: IPSEC_VERIFY
.\"    Author: Paul Wouters
.\" Generator: DocBook XSL Stylesheets v1.77.1 <http://docbook.sf.net/>
.\"      Date: 12/23/2012
.\"    Manual: Executable programs
.\"    Source: libreswan
.\"  Language: English
.\"
.TH "IPSEC_VERIFY" "8" "12/23/2012" "libreswan" "Executable programs"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsec_verify \- see if the IPsec subsystem has been installed correctly
.SH "SYNOPSIS"
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fIverify\fR
.SH "DESCRIPTION"
.PP
The
\fIipsec verify\fR
examines the local system for a number of common system faults and configuration mistakes\&.
.PP
In addition,
\fIverify\fR
performs checks relevant to Opportunistic Encryption if this is enabled via
\fIoe=yes\fR
in the configuration file
\fIipsec\&.conf\fR\&. It looks in forward DNS for an IPSECKEY record for the system\*(Aqs hostname or
\fImyid=\fR
value\&.
.SH "HISTORY"
.PP
Written originally for the Linux FreeS/WAN project <\m[blue]\fBhttp://www\&.freeswan\&.org\fR\m[]> by Michael Richardson\&. Rewritten in python by Paul Wouters
.SH "BUGS"
.PP
\fIVerify\fR
was converted from shell to perl to python, and the MASQUERADING/NAT rule tests still need to be ported\&. The
\fIss\fR
command is around in various non\-intuitive and buggy versions, causing some false\-positives with respect to listening on UDP port 500 and 4500\&. See https://bugzilla\&.redhat\&.com/show_bug\&.cgi?id=829630
.SH "AUTHOR"
.PP
\fBPaul Wouters\fR
.RS 4
placeholder to suppress warning
.RE
